Perhaps an employee in your organization finds out that he or she is about to be fired and goes on a hacking spree. Or maybe Sally from accounting (sorry Sally) is always clicking on links that she receives in emails and you want to determine the risk to your network associated with that. An internal […]
In it’s most basic form, a penetration test is a skilled ethical hacker who is contracted to attempt to break into your organization and tell you what to fix. This will hopefully prevent a malicious actor from doing the same thing. With that being said, there are many different types of penetration tests. There are […]
On February 16th, 2017, the New York Department of Financial Services (NYDFS) released the NYDFS Cybersecurity Regulation (23 NYCRR 500). This regulation lays out a new set of cybersecurity requirements for all covered financial institutions. With this enactment, NY became the first state to implement comprehensive cybersecurity regulations. Our hope is that other states will […]
One of the biggest gaps I see in information security is that organization’s spend the majority of their budget on securing the perimeter of their network, and fail to consider the impact of social engineering. Think about it, how much has your organization spent on a firewall? Do you have an IPS? How about a […]
The Payment Card Industry Data Security Standard (PCI DSS) isn’t the easiest set of requirements to read and understand. Many of the items specified in it are ambiguous or open to a variety of different interpretations. So naturally, many organizations required to meet this standard just want to know what exactly do they need to […]
One of our key differentiators as an organization is that we’re a “Security Pure Play.” This simply means that we do not enter into exclusive partnerships with other software/hardware vendors to recommend their solution, and our core focus is only on information security services. We strive to elevate your security without forcing particular software/hardware on […]
The push for GDPR compliance has generated a lot of good questions. Is there a certification that organization’s can get to demonstrate their compliance with GDPR? If not, how is my business supposed to show that we are compliant when people ask us? The bottom line is that there is no GDPR certification. At least […]
The General Data Protection Regulation (GDPR) deadline on May 25, 2018 has come and passed. There is still a lot of mystery surrounding international enforcement of these updated data privacy laws, but the consequences of non-compliance are manifesting themselves as a number of high profile cases continue to shake out. So what is GDPR, where […]
As a small business ourselves, this is a question we can really relate to. Do you really need all this penetration testing? And even if I recognize it is important, can I even afford it? The fact is, as a small business, and especially as a startup, every single dollar is accounted for. Every dollar that is […]
Crazy variations in pricing between companies is one of the most common complaints we hear from clients comparing penetration testing quotes. This isn’t a new problem for the services industry as a whole, but it can be frustrating. Especially when you’re trying to compare services that are more technical in nature. Information security consulting engagements […]
